Last night we detected one new Bagle variant, this variant only had downloading capabilities and no massmailing functionality. (Except for the Trojan-Proxy functionality that is).
All download locations encoded in the Bagle’s body were dead, but are currently acitve and the author has put malware online.
This new malware is a Trojan-Downloader, we detect it as Trojan-Downloader.Win32.Small.asb.
Trojan-Downloader.Win32.Small.asb then downloads a new version of Email-Worm.Win32.Bagle.pac which has mass-mailing functionality. However, the samples which this worm spreads only have Trojan-Downloader functionality and no mass-mailing capabilities.
So basically it’s the same story as we had before with Email-Worm.Win32.Bagle.pac so far.
We’re monitoring the situation. Let’s just hope we won’t see as many variants in one day as last time.